Poison NULL byte vulnerability for perl CGI applications was described
in [1]. ShAnKaR noted, that same vulnerability also affects different
PHP applications. An example of vulnerable applications are phpBB and
punBB.

Vulnerability can be used to upload or replace arbitrary files on
server, e.g. PHP scripts, by adding "poison NULL" (%00) to filename.

In case of phpBB and punBB vulnerability can be exploited by changing
location of avatar file and uploading avatar file with PHP code in EXIF
data.